[Openswan Users] Tunnel keeps up, but traffic is not sent.
Julio Cesar Gazquez
julio at solutionrosario.com.ar
Mon Jan 16 12:43:16 CET 2006
Hi. I recently set up my first IPSec tunnels in several locations, all of them
against a box in the main branch, controlled by another shop.

Most of them have a NAT setup, yet with a full NATed IP. The tunnels are
working, but sometimes the tunnels get stuck, as they appear in the output of
ipsec eroute, but the waiting package count goes up and nothing is
transferred across until I restart the service.

Is this a known problem? I guess this is not a matter of NAT port timeout as
the whole IP is forwarded. I have little experience with OpenSwan in
particular and IPSec in general (I just did a couple of tests with Windows
and dedicated routers before this), so I'm not sure if I'm doing something
wrong or I must blame the people at the other end, who don't cooperate too
much with us.

They are using some *SWAN flavor, as I know their box is a "router" with a
Linux inside, but I have no further details about their setup.

I'm using kernel versions 2.4.29 and 2.4.31 with NAT patch and OpenSWAN 2.4.4.
One of my endpoint configurations is as follows:

# basic configuration
config setup
        plutodebug = "control parsing emitting natt"
        nat_traversal=yes
        interfaces="ipsec0=eth1"

# Add connections here
conn rosario
        left=10.10.10.11
        leftid=200.43.81.4
        leftsubnet=192.168.218.0/24
        leftnexthop=10.10.10.1
        right=200.61.186.49
        rightsubnet=192.168.1.0/24
        auto=start
        authby=secret

Thanks in advance.
--
Julio Gázquez
Solution Servicios Informáticos
http://www.solutionrosario.com.ar